Total
18940 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4944 | 1 Bannersky | 1 Bsk Pdf Manager | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php. | ||||
| CVE-2014-5200 | 1 Fb Gorilla Project | 1 Fb Gorilla | 2025-04-12 | N/A |
| SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2013-1408 | 1 Wysija Newsletters Project | 1 Wysija Newsletters | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | ||||
| CVE-2014-2708 | 1 Cacti | 1 Cacti | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter. | ||||
| CVE-2011-5272 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | N/A |
| SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers. | ||||
| CVE-2014-5275 | 1 Prochatrooms | 1 Text Chat Rooms | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter. | ||||
| CVE-2015-2564 | 1 Projectsend | 1 Projectsend | 2025-04-12 | N/A |
| SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. | ||||
| CVE-2013-7375 | 1 Php-fusion | 1 Php-fusion | 2025-04-12 | N/A |
| SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803. | ||||
| CVE-2012-1665 | 1 Oscmax | 1 Oscmax | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php. | ||||
| CVE-2016-9134 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. | ||||
| CVE-2014-2081 | 1 Iii | 1 Vtls-virtua | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | ||||
| CVE-2015-7448 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2025-04-12 | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-0524 | 1 Emc | 1 Secure Remote Services | 2025-04-12 | N/A |
| SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-10013 | 1 Strategy11 | 1 Awp Classifieds | 2025-04-12 | N/A |
| SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action. | ||||
| CVE-2016-1000000 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | N/A |
| Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | ||||
| CVE-2014-10017 | 1 Welcart | 1 E-commerce | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. | ||||
| CVE-2016-8907 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2014-10015 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-04-12 | N/A |
| SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2015-3947 | 1 Advantech | 1 Webaccess | 2025-04-12 | N/A |
| SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-4858 | 1 Sabreairlinesolutions | 5 Crew Management, Crew Operations, Crew Planning and 2 more | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. | ||||